AzureAD

Important

Azure AD PowerShell is planned for deprecation. For details on the deprecation plan, see the deprecation update. As with Azure AD PowerShell, you can use Microsoft Graph PowerShell to interact with Azure AD. In addition, Microsoft Graph PowerShell gives you access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to frequent migration queries, see the migration FAQ.

You can download and install the Azure Active Directory PowerShell for Graph module from the PowerShell Gallery. The gallery uses the PowerShellGet module. The PowerShellGet module requires PowerShell 3.0 or later and one of the following operating systems:

  • Windows 10
  • Windows 8.1 Pro
  • Windows 8.1 Enterprise
  • Windows 7 SP1
  • Windows Server 2016 TP5
  • Windows Server 2012 R2
  • Windows Server 2008 R2 SP1

PowerShellGet also requires .NET Framework 4.5 or later. You can install .NET Framework 4.5 or later from here.

For more information about installing the AzureAD cmdlets, see Azure Active Directory PowerShell for Graph.

The following are the cmdlets in the Azure Active Directory PowerShell for Graph module.

Administrative Units

Add-AzureADMSAdministrativeUnitMember

Adds an administrative unit member.

Add-AzureADMSScopedRoleMembership

Adds a scoped role membership to an administrative unit.

Get-AzureADMSAdministrativeUnit

Gets an administrative unit.

Get-AzureADMSAdministrativeUnitMember

Gets a member of an administrative unit.

Get-AzureADMSScopedRoleMembership

Gets a scoped role membership from an administrative unit.

New-AzureADMSAdministrativeUnit

Creates an administrative unit.

Remove-AzureADMSAdministrativeUnit

Removes an administrative unit.

Remove-AzureADMSAdministrativeUnitMember

Removes an administrative unit member.

Remove-AzureADMSScopedRoleMembership

Removes a scoped role membership.

Application Proxy Application Management

Get-AzureADApplicationProxyApplication

The Get-AzureADApplicationProxyApplication cmdlet retrieves an application configured for Application Proxy in Azure Active Directory.

Get-AzureADApplicationProxyApplicationConnectorGroup

The Get-AzureADApplicationProxyApplicationConnectorGroup cmdlet retrieves the connector group assigned for a specific application.

New-AzureADApplicationProxyApplication

The New-AzureADApplicationProxyApplication cmdlet creates a new application configured for Application Proxy in Azure Active Directory.

Remove-AzureADApplicationProxyApplication

Deletes an Application Proxy application.

Remove-AzureADApplicationProxyApplicationConnectorGroup

The Remove-AzureADApplicationProxyApplicationConnectorGroup cmdlet sets the connector group assigned for the specified application to 'Default' and removes the current assignment.

Set-AzureADApplicationProxyApplication

The Set-AzureADApplicationProxyApplication cmdlet allows you to modify and set configurations for an application in Azure Active Directory configured to use Application Proxy.

Set-AzureADApplicationProxyApplicationCustomDomainCertificate

The Set-AzureADApplicationProxyApplicationCustomDomainCertificate cmdlet assigns a certificate to an application configured for Application Proxy in Azure Active Directory (AD). This will upload the certificate and allow the application to use Custom Domains.

Set-AzureADApplicationProxyApplicationSingleSignOn

The Set-AzureADApplicationProxyApplicationSingleSignOn cmdlet allows you to set and modify single sign-on (SSO) settings for an application configured for Application Proxy in Azure Active Directory.

Application Proxy Connector Management

Get-AzureADApplicationProxyConnector

The Get-AzureADApplicationProxyApplicationConnector cmdlet retrieves a list of all connectors, or if specified, details of a specific connector.

Get-AzureADApplicationProxyConnectorGroup

The Get-AzureADApplicationProxyConnectorGroup cmdlet retrieves a list of all connector groups, or if specified, details of a specific connector group.

Get-AzureADApplicationProxyConnectorGroupMembers

The Get-AzureADApplicationProxyConnectorGroupMembers cmdlet gets all the Application Proxy connectors associated with the given connector group.

Get-AzureADApplicationProxyConnectorMemberOf

The Get-AzureADApplicationProxyConnectorMemberOf command gets the ConnectorGroup that the specified Connector is a member of.

New-AzureADApplicationProxyConnectorGroup

The New-AzureADApplicationProxyConnectorGroup cmdlet creates a new Application Proxy Connector group.

Remove-AzureADApplicationProxyConnectorGroup

The Remove-AzureADApplicationProxyConnectorGroup cmdlet deletes an Application Proxy Connector group.

Set-AzureADApplicationProxyApplicationConnectorGroup

The Set-AzureADApplicationProxyApplicationConnectorGroup cmdlet assigns the given connector group to a specified application.

Set-AzureADApplicationProxyConnector

The Set-AzureADApplicationProxyConnector cmdlet allows reassignment of the connector to another connector group.

Set-AzureADApplicationProxyConnectorGroup

The Set-AzureADApplicationProxyConnectorGroup cmdlet allows you to change the name of a given Application Proxy connector group.

Applications

Add-AzureADApplicationOwner

Adds an owner to an application.

Get-AzureADApplication

Gets an application.

Get-AzureADApplicationExtensionProperty

Gets application extension properties.

Get-AzureADApplicationKeyCredential

Gets the key credentials for an application.

Get-AzureADApplicationLogo

Retrieve the logo of an application

Get-AzureADApplicationOwner

Gets the owner of an application.

Get-AzureADApplicationPasswordCredential

Gets the password credential for an application.

Get-AzureADApplicationServiceEndpoint

Retrieve the service endpoint of an application

Get-AzureADDeletedApplication

Retrieves the list of previously deleted applications

New-AzureADApplication

Creates an application.

New-AzureADApplicationExtensionProperty

Creates an application extension property.

New-AzureADApplicationKeyCredential

Creates a key credential for an application.

New-AzureADApplicationPasswordCredential

Creates a password credential for an application.

Remove-AzureADApplication

Delete an application by objectId.

Remove-AzureADApplicationExtensionProperty

Removes an application extension property.

Remove-AzureADApplicationKeyCredential

Removes a key credential from an application.

Remove-AzureADApplicationOwner

Removes an owner from an application.

Remove-AzureADApplicationPasswordCredential

Removes a password credential from an application.

Set-AzureADApplication

Updates an application.

Set-AzureADApplicationLogo

Sets the logo for an Application

AzureAD

Add-AzureADMSApplicationOwner

Adds an owner for an application object.

Add-AzureADMSServicePrincipalDelegatedPermissionClassification

Add a classification for a delegated permission.

Get-AzureADApplicationProxyConnectorGroupMember


Get-AzureADCurrentSessionInfo

This cmdlet will return the current session state

Get-AzureADMSApplication

Retrieves the list of applications within the organization.

Get-AzureADMSApplicationExtensionProperty

Retrieves the list of extension properties on an application object.

Get-AzureADMSApplicationOwner

Retrieves the list of owners for an application object.

Get-AzureADMSConditionalAccessPolicy

Gets an Azure Active Directory conditional access policy.

Get-AzureADMSDeletedDirectoryObject

This cmdlet is used to retrieve a soft deleted directory object from the directory

Get-AzureADMSDeletedGroup

This cmdlet is used to retrieve the soft deleted groups in a directory.

Get-AzureADMSIdentityProvider

This cmdlet is used to retrieve the configured identity providers in the directory.

Get-AzureADMSNamedLocationPolicy

Gets an Azure Active Directory named location policy.

Get-AzureADMSPermissionGrantConditionSet

Get an Azure Active Directory permission grant condition set by id.

Get-AzureADMSPermissionGrantPolicy

Gets a permission grant policy.

Get-AzureADMSServicePrincipalDelegatedPermissionClassification

Retrieve the delegated permission classification objects on a service principal.

Get-CrossCloudVerificationCode

Gets the verification code used to validate the ownership of the domain in another connected cloud. Important: Only applies to a verified domain.

New-AzureADMSApplication

Creates (registers) a new application object.

New-AzureADMSApplicationExtensionProperty

Creates an extension property on an application object.

New-AzureADMSApplicationKey

Adds a new key to an application.

New-AzureADMSApplicationPassword

Adds a strong password to an application.

New-AzureADMSConditionalAccessPolicy

Creates a new conditional access policy in Azure Active Directory.

New-AzureADMSIdentityProvider

This cmdlet is used to configure a new identity provider in the directory.

New-AzureADMSNamedLocationPolicy

Creates a new named location policy in Azure Active Directory.

New-AzureADMSPermissionGrantConditionSet

Create a new Azure Active Directory permission grant condition set in a given policy.

New-AzureADMSPermissionGrantPolicy

Creates a permission grant policy.

Remove-AzureADDeletedApplication


Remove-AzureADMSApplication

Deletes an application object.

Remove-AzureADMSApplicationExtensionProperty

Deletes an extension property from an application object.

Remove-AzureADMSApplicationKey

Removes a key from an application.

Remove-AzureADMSApplicationOwner

Removes an owner from an application object.

Remove-AzureADMSApplicationPassword

Remove a password from an application.

Remove-AzureADMSApplicationVerifiedPublisher

Removes the verified publisher from an application.

Remove-AzureADMSConditionalAccessPolicy

Deletes a conditional access policy in Azure Active Directory by Id.

Remove-AzureADMSDeletedDirectoryObject

This cmdlet is used to permanently delete a previously deleted directory object

Remove-AzureADMSIdentityProvider

This cmdlet is used to delete an identity provider in the directory.

Remove-AzureADMSNamedLocationPolicy

Deletes an Azure Active Directory named location policy by PolicyId.

Remove-AzureADMSPermissionGrantConditionSet

Delete an Azure Active Directory permission grant condition set by id

Remove-AzureADMSPermissionGrantPolicy

Removes a permission grant policy.

Remove-AzureADMSServicePrincipalDelegatedPermissionClassification

Remove delegated permission classification.

Restore-AzureADMSDeletedDirectoryObject

This cmdlet is used to restore a previously deleted object.

Set-AzureADMSAdministrativeUnit

Updates an administrative unit.

Set-AzureADMSApplication

Updates the properties of an application object.

Set-AzureADMSApplicationLogo

Sets the logo for an application object.

Set-AzureADMSApplicationVerifiedPublisher

Sets the verified publisher of an application to a verified Microsoft Partner Network (MPN) identifier.

Set-AzureADMSConditionalAccessPolicy

Updates a conditional access policy in Azure Active Directory by Id.

Set-AzureADMSIdentityProvider

This cmdlet is used to update the properties of an existing identity provider configured in the directory.

Set-AzureADMSNamedLocationPolicy

Updates a named location policy in Azure Active Directory by PolicyId.

Set-AzureADMSPermissionGrantConditionSet

Update an existing Azure Active Directory permission grant condition set.

Set-AzureADMSPermissionGrantPolicy

Updates a permission grant policy.

Certificate Authorities

Get-AzureADTrustedCertificateAuthority

Gets the trusted certificate authority.

New-AzureADTrustedCertificateAuthority

Creates a trusted certificate authority.

Remove-AzureADTrustedCertificateAuthority

Removes a trusted certificate authority.

Set-AzureADTrustedCertificateAuthority

Updates a trusted certificate authority.

Connect to Your Directory

Connect-AzureAD

Connects with an authenticated account to use Active Directory cmdlet requests.

Disconnect-AzureAD

Disconnects the current session from an Azure Active Directory tenant.

Contacts

Get-AzureADContact

Gets a contact from Azure Active Directory.

Get-AzureADContactDirectReport

Get the direct reports for a contact.

Get-AzureADContactManager

Gets the manager of a contact.

Get-AzureADContactMembership

Get a contact membership.

Get-AzureADContactThumbnailPhoto

Retrieves the thumbnail photo of a contact

Remove-AzureADContact

Removes a contact.

Remove-AzureADContactManager

Removes a contact's manager.

Select-AzureADGroupIdsContactIsMemberOf

Get groups in which a contact is a member.

Contracts

Get-AzureADContract

Gets a contract.

Deleted Objects

Restore-AzureADDeletedApplication

Restores a previously deleted application

Devices

Add-AzureADDeviceRegisteredOwner

Adds a registered owner for a device.

Add-AzureADDeviceRegisteredUser

Adds a registered user for a device.

Get-AzureADDevice

Gets a device from Active Directory.

Get-AzureADDeviceConfiguration

This cmdlet retrieves the device configuration object

Get-AzureADDeviceRegisteredOwner

Gets the registered owner of a device.

Get-AzureADDeviceRegisteredUser

Gets a registered user.

New-AzureADDevice

Creates a device.

Remove-AzureADDevice

Deletes a device.

Remove-AzureADDeviceRegisteredOwner

Removes the registered owner of a device.

Remove-AzureADDeviceRegisteredUser

Removes a registered user from a device.

Set-AzureADDevice

Updates a device.

Directory

Get-AzureADSubscribedSku

Gets subscribed SKUs to Microsoft services.

Get-AzureADTenantDetail

Gets the details of a tenant.

Set-AzureADTenantDetail

Set contact details for a tenant

Directory Objects

Get-AzureADObjectByObjectId

Retrieves the object(s) specified by the objectIds parameter

Directory Roles

Add-AzureADDirectoryRoleMember

Adds a member to a directory role.

Enable-AzureADDirectoryRole

Activates an existing directory role in Azure Active Directory.

Get-AzureADDirectoryRole

Gets a directory role.

Get-AzureADDirectoryRoleMember

Gets members of a directory role.

Get-AzureADDirectoryRoleTemplate

Gets directory role templates.

Get-AzureADMSRoleAssignment

Gets information about role assignments in Azure AD.

Get-AzureADMSRoleDefinition

Gets information about role definitions in Azure AD.

New-AzureADMSRoleAssignment

Creates an Azure AD role assignment.

New-AzureADMSRoleDefinition

Creates an Azure AD role definition.

Remove-AzureADDirectoryRoleMember

Removes a member of a directory role.

Remove-AzureADMSRoleAssignment

Removes an Azure AD role assignment.

Remove-AzureADMSRoleDefinition

Removes an Azure AD role definition.

Set-AzureADMSRoleDefinition

Update an existing Azure AD role definition.

Domains

Confirm-AzureADDomain

Validate the ownership of a domain.

Get-AzureADDomain

Gets a domain.

Get-AzureADDomainNameReference

This cmdlet retrieves the objects that are referenced by a given domain name

Get-AzureADDomainServiceConfigurationRecord

Gets the domain's service configuration records from the serviceConfigurationRecords navigation property.

Get-AzureADDomainVerificationDnsRecord

Retrieve the domain verification DNS record for a domain

New-AzureADDomain

Creates a domain.

Remove-AzureADDomain

Removes a domain.

Set-AzureADDomain

Updates a domain.

Extension Properties

Get-AzureADExtensionProperty

Gets extension properties registered with Azure AD.

Groups

Add-AzureADGroupMember

Adds a member to a group.

Add-AzureADGroupOwner

Adds an owner to a group.

Add-AzureADMSLifecyclePolicyGroup

Adds a group to a lifecycle policy

Get-AzureADGroup

Gets a group (via AzureAD Graph).

Get-AzureADGroupAppRoleAssignment

Gets a group application role assignment.

Get-AzureADGroupMember

Gets a member of a group.

Get-AzureADGroupOwner

Gets an owner of a group.

Get-AzureADMSGroup

Gets information about groups in Azure AD (via MS Graph).

Get-AzureADMSGroupLifecyclePolicy

Retrieves the properties and relationships of a groupLifecyclePolicies object in Azure Active Directory. If you specify no parameters, this cmdlet gets all groupLifecyclePolicies.

Get-AzureADMSLifecyclePolicyGroup

Retrieves the lifecycle policy object to which a group belongs.

New-AzureADGroup

Creates a group.

New-AzureADGroupAppRoleAssignment

Assign a group of users to an application role.

New-AzureADMSGroup

Creates an Azure AD group.

New-AzureADMSGroupLifecyclePolicy

Creates a new groupLifecyclePolicy

Remove-AzureADGroup

Removes a group.

Remove-AzureADGroupAppRoleAssignment

Delete a group application role assignment.

Remove-AzureADGroupMember

Removes a member from a group.

Remove-AzureADGroupOwner

Removes an owner from a group.

Remove-AzureADMSGroup

Removes an Azure AD group.

Remove-AzureADMSGroupLifecyclePolicy

Deletes a groupLifecyclePolicies object

Remove-AzureADMSLifecyclePolicyGroup

Removes a group from a lifecycle policy

Reset-AzureADMSLifeCycleGroup

Renews a group by updating the RenewedDateTime property on a group to the current DateTime.

Select-AzureADGroupIdsGroupIsMemberOf

Gets group IDs that a group is a member of.

Set-AzureADGroup

Updates a specific group in Azure Active Directory

Set-AzureADMSGroup

Sets the properties for an existing Azure AD group.

Set-AzureADMSGroupLifecyclePolicy

Updates a specific group Lifecycle Policy in Azure Active Directory

OAuth2

Get-AzureADOAuth2PermissionGrant

Gets OAuth2PermissionGrant entities.

Remove-AzureADOAuth2PermissionGrant

Removes an oAuth2PermissionGrant.

Policies

Get-AzureADMSAuthorizationPolicy

Gets an authorization policy, which represents a policy that can control Azure Active Directory authorization settings.

Set-AzureADMSAuthorizationPolicy

Updates an authorization policy, which represents a policy that can control Azure Active Directory authorization settings.

Service Principals

Add-AzureADServicePrincipalOwner

Adds an owner to a service principal.

Get-AzureADServiceAppRoleAssignedTo

Gets app role assignments for this app or service, granted to users, groups and other service principals.

Get-AzureADServiceAppRoleAssignment

Gets a service principal application role assignment.

Get-AzureADServicePrincipal

Gets a service principal.

Get-AzureADServicePrincipalCreatedObject

Get objects created by a service principal.

Get-AzureADServicePrincipalKeyCredential

Get key credentials for a service principal.

Get-AzureADServicePrincipalMembership

Get a service principal membership.

Get-AzureADServicePrincipalOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Get-AzureADServicePrincipalOwnedObject

Gets an object owned by a service principal.

Get-AzureADServicePrincipalOwner

Get the owner of a service principal.

Get-AzureADServicePrincipalPasswordCredential

Get credentials for a service principal.

New-AzureADServiceAppRoleAssignment

Assigns an app role to a user, a group, or another service principal.

New-AzureADServicePrincipal

Creates a service principal.

New-AzureADServicePrincipalKeyCredential

Create a new key credential for a service principal

New-AzureADServicePrincipalPasswordCredential

Creates a password credential for a service principal.

Remove-AzureADServiceAppRoleAssignment

Removes a service principal application role assignment.

Remove-AzureADServicePrincipal

Removes a service principal.

Remove-AzureADServicePrincipalKeyCredential

Removes a key credential from a service principal.

Remove-AzureADServicePrincipalOwner

Removes an owner from a service principal.

Remove-AzureADServicePrincipalPasswordCredential

Removes a password credential from a service principal.

Select-AzureADGroupIdsServicePrincipalIsMemberOf

Selects the groups in which a service principal is a member.

Set-AzureADServicePrincipal

Updates a service principal.

Users

Get-AzureADUser

Gets a user.

Get-AzureADUserAppRoleAssignment

Get a user application role assignment.

Get-AzureADUserCreatedObject

Get objects created by the user.

Get-AzureADUserDirectReport

Get the user's direct reports.

Get-AzureADUserExtension

Gets a user extension.

Get-AzureADUserLicenseDetail

Retrieves license details for a user

Get-AzureADUserManager

Gets the manager of a user.

Get-AzureADUserMembership

Get user memberships.

Get-AzureADUserOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Get-AzureADUserOwnedDevice

Get registered devices owned by a user.

Get-AzureADUserOwnedObject

Get objects owned by a user.

Get-AzureADUserRegisteredDevice

Get devices registered by a user.

Get-AzureADUserThumbnailPhoto

Retrieve the thumbnail photo of a user

New-AzureADMSInvitation

This cmdlet is used to invite a new external user to your directory.

New-AzureADUser

Creates an Azure AD user.

New-AzureADUserAppRoleAssignment

Assigns a user to an application role.

Remove-AzureADUser

Removes a user.

Remove-AzureADUserAppRoleAssignment

Removes a user application role assignment.

Remove-AzureADUserExtension

Removes a user extension.

Remove-AzureADUserManager

Removes a user's manager.

Revoke-AzureADSignedInUserAllRefreshToken

Invalidates the refresh tokens issued to applications for the current user.

Revoke-AzureADUserAllRefreshToken

Invalidates the refresh tokens issued to applications for a user.

Select-AzureADGroupIdsUserIsMemberOf

Selects the groups that a user is a member of.

Set-AzureADUser

Updates a user.

Set-AzureADUserExtension

Sets a user extension.

Set-AzureADUserLicense

Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.

Note

The Set-AzureADUserLicense cmdlet is deprecated. Learn how to assign licenses with Microsoft Graph PowerShell. For more info, see the Assign License Microsoft Graph API.

Set-AzureADUserManager

Updates a user's manager.

Set-AzureADUserPassword

Sets the password of a user.

Set-AzureADUserThumbnailPhoto

Set the thumbnail photo for a user

Update-AzureADSignedInUserPassword

Updates the password for the signed-in user.